Web Security - PowerPoint PPT Presentation

About This Presentation
Title:

Web Security

Description:

An Introduction. Web Engineering – PowerPoint PPT presentation

Slides: 18
Provided by: inam12

Transcript and Presenter's Notes



1
Web Security
  • Faran Sabir
  • BS-IT-14-M-1009

University of Education Renala Campus.
2
Contents
  • 1. Introduction
  • 2. Security threats
  • 3. Best Practices Recommendation
  • 4. Security standards
  • 5. Security technology

3
Introduction
  • Web application security is a branch
    of Information Security that deals specifically
    with security of websites, web applications and
    web services.
  • At a high level, Web application security draws
    on the principles of application security but
    applies them specifically to Internet and Web
    systems.

4
Security threats
  • With the emergence of Web, increased information
    sharing through social networking and increasing
    business adoption of the Web as a means of doing
    business and delivering service, websites are
    often attacked directly.
  • Hackers either seek to compromise the corporate
    network or the end-users accessing the website by
    subjecting them to drive-by downloading.

5
Security Threats (2)
  • Industry is paying increased attention to the
    security of the web applications themselves in
    addition to the security of the
    underlying computer network and operating
    systems.
  • The majority of web application attacks occur
    through cross-site scripting (XSS) and SQL
    injection attacks which typically result from
    flawed coding, and failure to sanitize input to
    and output from the web application.
  • Phishing is another common threat to the Web
    application and global losses from this type of
    attack in 2012 were estimated at 1.5 billion.

6
The Top Vulnerabilities
7
Best Practices Recommendation
  • Secure web application development should be
    enhanced by applying security checkpoints and
    techniques at early stages of development as well
    as throughout the software development lifecycle.
  • Special emphasis should be applied to the coding
    phase of development.

8
Security Standards
  • OWASP is the emerging standards body for Web
    application security. In particular they have
    published the OWASP Top 10 which describes in
    detail the major threats against web
    applications.
  • The Web Application Security Consortium (WASC)
    has created the Web Hacking Incident Database and
    also produced open source best practice documents
    on Web application security.

9
Security Technology
  • While security is fundamentally based on people
    and processes, there are a number of technical
    solutions to consider when designing, building
    and testing secure web applications. 

10
Security Technology (2)
  • At a high level, these solutions include
  • Black box 
  • White box 
  • Fuzzing
  • Web application security scanner
  • Web application firewalls (WAF) 
  • Password cracking 

11
Black Box
  • Black Box testing tools such as Web application
    security scanners, vulnerability
    scanners and penetration testing software.

12
White Box
  • White Box testing tools such as static source
    code analyzers.

13
Fuzzing
  • Fuzzing Tools used for input testing.

14
Web Application Security Scanner
  • Vulnerability Scanner

15
Web Application Firewall
  • It is used to provide firewall-type protection at
    the web application layer.

16
Password Cracking
  • Password Cracking tools for testing password
    strength and implementation.

17
References
  • https://en.wikipedia.org/wiki/Web_application_security
  • https://en.wikipedia.org/wiki/OWASP